Commit 9dc33998 authored by Maxym Borodenko Committed by Matija Obreza

CORS configuration for /oauth/token

parent 666cf918
......@@ -16,6 +16,7 @@
package org.genesys2.spring.config;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import org.genesys.blocks.oauth.service.OAuthServiceImpl;
......@@ -59,6 +60,9 @@ import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenCo
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
/**
* The Class OAuth2ServerConfig.
......@@ -270,6 +274,18 @@ public class OAuth2ServerConfig {
@Override
public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.allowFormAuthenticationForClients().checkTokenAccess("permitAll()").realm(APPLICATION_RESOURCE_ID + "/client").passwordEncoder(passwordEncoder);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(false);
config.setAllowedMethods(Collections.singletonList(HttpMethod.POST.name()));
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.setMaxAge(60 * 10L);
source.registerCorsConfiguration("/oauth/token", config);
CorsFilter filter = new CorsFilter(source);
oauthServer.addTokenEndpointAuthenticationFilter(filter);
}
}
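Review bot: `config.addAllowedOrigin("*")` together with `config.addAllowedHeader("*")` lets a page on any origin have the browser POST to `/oauth/token` and read the token response; `setAllowCredentials(false)` only keeps cookies out of it, so client credentials sent in the `Authorization` header or in the form body (`allowFormAuthenticationForClients()` on the first line of the method) are still accepted cross-origin. If the browser clients are known, I would register only their origins and the headers a token request needs, for example `config.setAllowedOrigins(allowedOrigins);` with `allowedOrigins` as a placeholder for a list loaded from application configuration, and `config.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type"));`. If the wildcard is intentional for public clients, a comment above it such as `// Any origin may request tokens: endpoint uses no cookies, clients authenticate on every request` would record that decision for the next reader. The enclosing class begins outside the hunk, so whether request throttling or lockout protects this endpoint cannot be seen from here.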
......